1: <?php
2:
3:
4: /**
5: * Ws_userModel
6: * Store user records for role based access control module.
7: *
8: * @see WsAuth
9: * @see Ws_rolesModel
10: * @see Ws_permissionsModel
11: * @see Ws_role_permModel
12: * @see Ws_user_roleModel
13: *
14: */
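class Ws_userModel extends WsModel
{
    /**
     * Configure column types, hidden columns and display labels.
     */
    public function __construct()
    {
        parent::__construct();

        // MySQL/MariaDB do not report boolean columns as such, so the
        // column type is set explicitly for both flags.
        $this->columnType['is_verified'] = 'bool_type';
        $this->columnType['is_active'] = 'bool_type';

        // Keep the user salt and verification code out of admin and edit forms.
        // NOTE(review): 'password' is not hidden, and beforeSave() stores the
        // password hash in that column - confirm the grid never renders it.
        $this->hiddenColumns = array('user_salt', 'verification_code');

        // Name shown in the grid and form.
        $this->metaName = WsLocalize::msg('User Accounts');

        // Column headers for the grid and form.
        $this->columnHeaders = array(
            'id' => WsLocalize::msg('user id'),
            'email' => WsLocalize::msg('mail address'),
            'password' => WsLocalize::msg('password'),
            'is_verified' => WsLocalize::msg('verified account?'),
            'is_active' => WsLocalize::msg('active account?'),
        );
    }


    /**
     * Returns a random string of the given length over [0-9a-z].
     *
     * The result is used as the per-user salt in beforeSave(), so it is drawn
     * from the CSPRNG (random_int) whenever the runtime provides one.
     * mt_rand() is predictable and is kept only as a fallback for runtimes
     * older than PHP 7.
     *
     * @param integer $length Length of string.
     * @return string Random string; empty when $length is zero or negative.
     */
    public function randomString($length = 50)
    {
        $chars = '0123456789abcdefghijklmnopqrstuvwxyz';
        $max = strlen($chars) - 1;
        $secure = function_exists('random_int');
        $string = '';

        for ($p = 0; $p < $length; $p++) {
            $index = $secure ? random_int(0, $max) : mt_rand(0, $max);
            $string .= $chars[$index];
        }

        return $string;
    }


    /**
     * Computes a keyed SHA-512 hash (HMAC) of the data, using the user salt
     * as the HMAC key. This is one-way hashing, not encryption.
     *
     * NOTE(review): HMAC-SHA512 is a fast hash and offers little resistance to
     * offline guessing if the table leaks. password_hash()/password_verify()
     * are the appropriate primitives, but the switch changes the stored format
     * and must be made together with the code that verifies passwords (not in
     * this file) and a migration of existing hashes.
     *
     * @param string $data Data to hash
     * @return string Hex-encoded HMAC-SHA512 digest
     */
    public function hashData($data)
    {
        return hash_hmac('sha512', $data, $this->user_salt);
    }


    /**
     * Hook intended to run before every save(): forces the administrator
     * account to verified/active, generates a fresh salt and replaces the
     * password with its salted hash.
     *
     * NOTE(review): the password is hashed unconditionally. If a record that
     * already holds a hash is loaded and saved again, the hash itself would be
     * re-hashed with a new salt - confirm how callers populate $this->password.
     *
     * @return boolean Always true
     */
    public function beforeSave()
    {
        // The admin account is always verified and active. The flags are set
        // on $this; the original assigned them to an undefined $user_model,
        // so they never reached the record being saved.
        // NOTE(review): == is a loose comparison; an unset 'auth_mail' would
        // match an empty email.
        if ($this->email == WsConfig::get('auth_mail')) {
            // PostgreSQL takes 't' for true, the other drivers take 1.
            $enabled = (WsConfig::get('db_driver') == 'pgsql') ? 't' : 1;
            $this->is_verified = $enabled;
            $this->is_active = $enabled;
        }

        // Generate the per-user salt, then hash salt + password with it.
        $this->user_salt = $this->randomString();
        $this->password = $this->hashData($this->user_salt.$this->password);

        return true;
    }


    /**
     * Hook intended to run before every delete(): refuses to delete the
     * administrator's account.
     *
     * @return boolean False for the account whose email matches the
     *                 configured 'auth_mail', true otherwise
     */
    public function beforeDelete()
    {
        // NOTE(review): same loose == comparison as in beforeSave().
        return !($this->email == WsConfig::get('auth_mail'));
    }
}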
128: